HackDig : Dig high-quality web security articles

A week in security (July 4 – July 10)

Last week on Malwarebytes Labs: My Body, My Data Act would lock down reproductive and sexual health data; “Free UK visa” offers on WhatsApp are fakes; HackerOne insider fired for trying to claim other people’s bounties; Update now! Chrome patches ANOTHER zero-day vulnerability; Cloud-based malware is on the rise. How can you secure your business?; TikTo
Publish At:2022-07-11 07:54 | Read:401 | Comments:0 | Tags:A week in security Apple Lockdown Mode Brazil cloud malware

HackerOne insider fired for trying to claim other people’s bounties

The vulnerability disclosure platform HackerOne has revealed that one of its staff members had improperly accessed security reports for personal gain. The now-former staff member approached HackerOne customers with vulnerabilities that belonged to users of the platform. HackerOne acts as a mediator between white hat hackers that find sof
Publish At:2022-07-04 20:00 | Read:454 | Comments:0 | Tags:Reports bug bounty disclosure HackerOne insider threat rzlr

Unfaithful HackerOne employee steals bug reports to claim additional bounties

Bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted to claim additional bounties. The vulnerability coordination and bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted by white-hat hackers to claim additional bounties. The investigation s
Publish At:2022-07-04 06:02 | Read:658 | Comments:0 | Tags:Breaking News Cyber Crime Security HackerOne Hacking hacking

HackerOne announces first bug hunter to earn more than $2M in bug bounties

White hat hacking can be a profitable profession: Cosmin Iordache earned more than $2M reporting flaws through the bug bounty program HackerOne. Iordache is the first bug bounty hunter to earn more than $2,000,000 in bounty awards through the vulnerability coordination and bug bounty program HackerOne. 334 days ago we announced Cosmin as the 7th hack
Publish At:2020-12-27 07:36 | Read:2436 | Comments:0 | Tags:Breaking News Hacking Security Bug Bounty HackerOne hacking

iOS TLS session resumption race condition

Roughly three months ago when iOS 9 was still the newest version available for the iPhone, we encountered a bug in the Twitter iOS app. When doing a transparent proxy setup for one of our iOS app security tests, a Twitter HTTPS request turned up in the Burp proxy log. This should never happen, as the proxy’s HTTPS certificate is not trusted on iOS and
Publish At:2016-12-23 23:30 | Read:6104 | Comments:0 | Tags:Mobile Security Hackerone iOS session resumption TLS Twitter

Activity wrap-up including AFL, CRASS and Burp

Here’s a little overview of my last few months: Thinking about using libjson? Maybe you should wait for a bug fix. Trying to fuzz Java code with afl-gcj was not a very pleasant experience. Made some efforts to show how to fuzz CGI scripts with AFL. My CRASS project that includes a script to grep for interesting security related tokens is constantly gr
Publish At:2016-11-25 12:20 | Read:6252 | Comments:0 | Tags:Various AFL afl-gcj Burp cgi CRASS Hackerone libjson

Yelp Will Award Up to $15K for Exploits Found in Bug Bounty Program

Crowd-sourced review service Yelp says it will award researchers up to 15,000 USD for reporting exploits as part of its newly public bug bounty program. The company successfully ran a private bug-bounty program for the past two years, during which it worked with private researchers and bug bounty hunters to fix as many as 100 vulnerabilities. But to adequately
Publish At:2016-09-07 14:10 | Read:5260 | Comments:0 | Tags:Latest Security News Bug Bounty exploits HackerOne vulnerabi

Launching an Efficient and Cost-Effective Bug Bounty Program

Over the last few years, you’ve probably heard a lot about companies launching their own bug bounty programs. Software giants, such as Google, Microsoft, Twitter and Yahoo, as well as hardware-centric companies, such as Tesla, Samsung and even United Airlines, run programs that pay out cash for finding vulnerabilities. As these programs gain popularity, you
Publish At:2015-10-23 14:30 | Read:8843 | Comments:0 | Tags:Featured Articles Vulnerability Management Bug Bounty Bugcro

Fuzzing for Fun and Profit

So as you do, I was just looking around, manually fuzzing some Web Sockets requests, seeing if I could get any sort of XSS, Remote IRC Command Injection or SQLi mainly – ended up that I didn’t find much there that was worth noting. So I started seeing if their logic was all right, so one of their requests looked similar to: {“_reqid”:1234, “cid”:5678, “t
Publish At:2015-10-13 17:40 | Read:6112 | Comments:0 | Tags:exploitation fuzzing infosec pentesting pentura security Sof

Model Assesses Readiness to Accept Outside Vulnerability Reports

The proliferation of independent and vendor-sponsored bug bounties has not only put some money in researchers’ pockets, but has also forced enterprises—and software makers—to put processes in place to handle outside bug reports. “Saying you want one is not enough,” said Katie Moussouris, chief policy officer at bug bounty platform provider H
Publish At:2015-09-22 18:05 | Read:4790 | Comments:0 | Tags:Vulnerabilities Web Security bug bounties bug reports Hacker

Unusual Re-Do of US Wassenaar Rules Applauded

In spite of self-congratulatory pats on the back from several corners of the security world, this week’s decision from the Commerce Department’s Bureau of Industry and Security (BIS) to rewrite the proposed U.S. implementation of the Wassenaar Arrangement rules was an expected outcome—albeit an unusual one. A 60-day comment period ended on July 20
Publish At:2015-08-01 01:05 | Read:5714 | Comments:0 | Tags:Government Malware Privacy Vulnerabilities BIS Bureau of Ind

Yahoo Bug Bounty Program Awards $1 Million to Security Researchers

Yahoo announced that it has paid security researchers one million dollars as part of its bug bounty program. According to a post written by Ramses Martinez, Senior Director and Interim CISO at Yahoo, the company’s bug bounty program, which The State of Security named one of our 11 Essential Bug Bounty Programs in 2015, has shown significant growth over
Publish At:2015-07-30 12:26 | Read:6025 | Comments:0 | Tags:Latest Security News Bug Bounty HackerOne Ramses Martinez Ya

Bug Bounties in Crosshairs of Proposed US Wassenaar Rules

Bug bounties have gone from novelty to necessity, not only for enterprises looking to take advantage of the skills of an organized pool of vulnerability hunters, but also for a slew of independent researchers who make a living contributing to various vendor and independent bounty and reward programs. The proposed U.S. rules for the Wassenaar Arrangement pose
Publish At:2015-06-09 13:45 | Read:4997 | Comments:0 | Tags:Google Government Hacks Microsoft Privacy Vulnerabilities We

#HackerKast 34: SOHO Routers hacked, 3d printed ammo, Nazis & child porn, PayPal Remote Code Execution, Dubsmash 2,

Hey Everybody! We’re back from our 1 week break due to crazy schedules and even now we are without Jeremiah. Coconuts don’t make great WiFi antennae or something. Started this episode talking about some Vendors who decided to do some weird, bad stuff this past week. In both stories it seems some security vendors were caught being naughty, start
Publish At:2015-05-16 10:50 | Read:7576 | Comments:0 | Tags:Technical Insight Vulnerabilities Web Application Security W

Dropbox Launches Bounty Program on HackerOne

Dropbox has become the latest high-profile Internet firm to start a bug bounty program, hooking up with HackerOne to provide rewards to security researchers who report vulnerabilities through the program. The new reward system from Dropbox covers a variety of the company’s offerings, including the Dropbox and Carousel iOS and Android applications; the D
Publish At:2015-04-15 17:55 | Read:5250 | Comments:0 | Tags:Vulnerabilities bug bounty dropbox HackerOne vulnerabilities